Actually, in my oh so very humble opinion, the world has enough reasonably good
VPNs that can operate on reasonably good connections.

What is lacking is something that can function transparently and
effectively on a very flaky connection (think lousy GPRS one) without
introducing noticeable overhead.
Given that lousy GPRS connections are unstable, any classic VPN scheme
starts suffering a lot of connection re-negotiation overhead, which sucks
(even if the overhead for a single instance of properly negotiating a
session key is minuscule, when you do it every goddamn time the connection is
lost, it starts adding up really fast).
Also, heartbeating tends to eat mobile battery pretty fast.

Shadowsocks, by a group of Chinese developers (
https://github.com/shadowsocks ) avoids this issue by eschewing session key
negotiation altogether, and just encrypting stuff based on a user-supplied
pre-shared secret.
That isn't a very bad idea (if the user secret is strong enough) but it
inherently lacks any forward secrecy, which is all kinds of hairy (also, it
doesn't operate as a proper VPN, but as a simpleton SOCKS proxy, but that is
not a fundamental cryptographic issue, lol).

I think some more work needs to be done to address conditions where
heartbeating / frequent re-negotiation is problematic, the connection is
unstable, but some degree of forward secrecy is still desirable.
Maybe there are clever solutions of a cryptographic nature.
Maybe not-so-clever solutions (like having session keys that expire X hours
after being negotiated, not at the end of every session) would be good enough
for some use cases.

But it's worth looking at, because frankly, the "Reliable and reasonably
secure VPNs for reasonably good connections" segment is already densely
populated.

Sincerely,
J
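The "session keys that expire X hours after being negotiated" idea from the post above, sketched as an added example that is not part of the original thread or of any project mentioned in it. It assumes a `root` secret that came out of a one-time key exchange (not shown), hash-ratchets it forward once per epoch using only the local clock, and erases the previous chain key, so a reconnect within an epoch needs no handshake and a later compromise reveals at most the current epoch; the 4-hour epoch length is a constructed value.

```python
import hashlib
import hmac

EPOCH_SECONDS = 4 * 3600  # the post's "X hours"; 4 h is a constructed value for this demo


class EpochKeys:
    """Keeps only the current epoch's chain key; earlier ones are erased."""

    def __init__(self, root: bytes, negotiated_at: float):
        # `root` stands in for the output of a one-time (e.g. DH) key exchange.
        self.chain = root
        self.epoch_start = negotiated_at
        self.epoch = 0

    def _ratchet(self) -> None:
        # One-way step: the new chain key is an HMAC of the old one, and the
        # old one is overwritten, so past epochs cannot be recovered from the
        # current state. (Without a fresh DH input, future epochs still can be.)
        self.chain = hmac.new(self.chain, b"chain", hashlib.sha256).digest()
        self.epoch += 1
        self.epoch_start += EPOCH_SECONDS

    def traffic_key(self, now: float) -> tuple[int, bytes]:
        # Catch up on every epoch that expired while the link was down; this
        # needs no round trip with the peer, only the local wall clock.
        while now - self.epoch_start >= EPOCH_SECONDS:
            self._ratchet()
        return self.epoch, hmac.new(self.chain, b"traffic", hashlib.sha256).digest()


def authenticate(keys: EpochKeys, now: float, msg: bytes) -> tuple[int, bytes]:
    """Tag a packet with the current epoch key (a real transport would use an AEAD)."""
    epoch, key = keys.traffic_key(now)
    return epoch, hmac.new(key, msg, hashlib.sha256).digest()


def verify(keys: EpochKeys, now: float, epoch: int, msg: bytes, tag: bytes) -> bool:
    # Only the epoch this side is currently in is accepted, so a peer whose
    # clock drifted across an epoch boundary fails until both sides agree;
    # a production design would also accept the adjacent epoch.
    my_epoch, key = keys.traffic_key(now)
    if epoch != my_epoch:
        return False
    return hmac.compare_digest(tag, hmac.new(key, msg, hashlib.sha256).digest())
```

Forward secrecy here is at epoch granularity only: shortening `EPOCH_SECONDS` trades a smaller exposure window for more ratchet steps, but never for more handshakes.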


On Sun, May 3, 2015 at 4:44 PM, <stargr...@stargrave.org> wrote:

> GoVPN project should be interesting in this maillist:
> http://www.cypherpunks.ru/govpn/
> Aimed to be a reviewable, secure, DPI-resistant, state-of-the-art crypto
> free software VPN daemon.
>
> It is written in Go, so has a small source code size. Uses fast
> Password Authenticated Key Exchange (PAKE) based on Diffie-Hellman (DH)
> Augmented Encrypted Key Exchange (A-EKE) for mutual strong
> zero-knowledge peer authentication, using Curve25519 and Ed25519. Data
> transport is encrypted (Salsa20), authenticated (Poly1305), hides
> message length and timestamp by appending noise and generating
> constant packet rate dummy traffic. Perfect Forward Secrecy (PFS)
> property, resistance to dictionary attacks (PBKDF2 and server-side
> verifiers), replay attacks (nonces). Built-in heartbeating,
> rehandshaking. All traffic is indistinguishable from noise.
>
> Feedback is appreciated!
>
> --
> Happy hacking, Sergey Matveev
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>